iOS 11 Allows Device and PIN to Reset iTunes Backup and Apple ID Passwords
Oleg Afonin (via Hacker News):
In iOS 11 you can still specify a backup password in iTunes, and you still cannot change or reset it through iTunes if you don’t know the original password. However, this means very little as you can now easily remove that password from iOS settings.
[…]
For Apple accounts with two-factor authentication, one can simply reset their Apple ID password from the device by confirming their device passcode (as opposed to supplying their old Apple ID password).
[…]
With the release of iOS 11, Apple developers made too many assumptions, breaking the fragile security/convenience balance and shifting it heavily onto the convenience side.
Once an intruder gains access to the user’s iPhone and knows (or recovers) the passcode, there is no single extra layer of protection left. Everything (and I mean, everything) is now completely exposed. Local backups, the keychain, iCloud lock, the Apple account password, cloud backups and photos, passwords from the iCloud Keychain, call logs, location data, browsing history, browser tabs and even the user’s original Apple ID password are quickly exposed. The intruder gains control over the user’s other Apple devices registered on the same Apple account, having the ability to remotely erase or lock those devices. Finally, regaining control over a hijacked account is made difficult, as even the trusted phone number can be replaced.
[…]
Since the passcode is now the one and only safeguard left, make sure you use at least 6 digits. Four-digit PINs are no longer secure.
Previously: Find My Mac and Remote Wipe.
Update (2017-12-02): Rich Mogull:
There is no question that allowing the iOS device passcode to act as a secondary backup password reduces the security of encrypted iTunes backups on an individual level. As a professional paranoid I really wish Apple hadn’t made this change.
But there is also a legitimate case to be made that Apple improved the overall iOS experience for a much larger percentage of its customer base by making it less likely that average users could lose access to their encrypted iTunes backups entirely.
As an Apple customer who once had to factory-reset one of my children’s iPads because I had forgotten the backup password, hadn’t backed up to iCloud to save space, and couldn’t recover it from the Mac keychain where I… had failed to store it, I can certainly see Apple’s point of view.
I wonder what the explanation is for increasing the ease of resetting an Apple ID password, though.